Friday, September 30, 2016

Enabling elasticsearch-readonlyrest-plugin

1. Install the plugin

export ES_VERSION=2.3.0
bin/plugin install https://github.com/sscarduzio/elasticsearch-readonlyrest-plugin/releases/download/v1.10.0_es-v$ES_VERSION/elasticsearch-readonlyrest-v1.10.0_es-v$ES_VERSION.zip

2. Configuration

Append either of these snippets to conf/elasticsearch.yml
# remember to set the right CORS origin (or disable it, if you're brave). See https://github.com/elastic/kibana/issues/6719
http.cors.enabled: true
http.cors.allow-origin: /https?:\/\/localhost(:[0-9]+)?/

readonlyrest:
    enable: true

    response_if_req_forbidden: Forbidden by ReadonlyREST ES plugin

    access_control_rules:

    - name: "Logstash can write and create its own indices"
      # auth_key is good for testing, but replace it with `auth_key_sha1`!
      auth_key: logstash:logstash
      type: allow
      actions: ["indices:data/read/*","indices:data/write/*","indices:admin/template/*","indices:admin/create"]
      indices: ["logstash-*", "<no-index>"]

    - name: Kibana Server (we trust this server side component, full access granted via HTTP authentication)
      # auth_key is good for testing, but replace it with `auth_key_sha1`!
      auth_key: admin:passwd3
      type: allow

    - name: Developer (reads only logstash indices, but can create new charts/dashboards)
      # auth_key is good for testing, but replace it with `auth_key_sha1`!
      auth_key: dev:dev
      type: allow
      kibana_access: ro+
      indices: ["<no-index>", ".kibana*", "logstash*", "default"]

Now activate authentication in Kibana server: let the Kibana daemon connect to ElasticSearch in privileged mode.


    

  • edit the kibana configuration file: kibana.yml and add the following:
    • 





elasticsearch.username: "admin"
elasticsearch.password: "passwd3"





This is secure because the users connecting from their browsers will be asked to login separately anyways



4. restart elastic search

at No comments:

ENABLING KIBANA AUTHENTICATION USING NGINX:


  1. Install nginx:
    1. rpm -Uvh http://nginx.org/packages/centos/7/noarch/RPMS/nginx-release-centos-7-0.el7.ngx.noarch.rpm
    2. yum -y install nginx httpd-tools
  2. Set one username & password
    1. htpasswd -c /etc/nginx/conf.d/kibana.htpasswd admin
  3. Configure Nginx
    1. vi /etc/nginx/conf.d/kibana.conf
    2. server {
      listen *:8080;
      server_name 192.168.1.5;
      access_log /var/log/nginx/kibana-access.log;
      error_log /var/log/nginx/kibana-error.log;
      location / {
      auth_basic "Restricted Access";
      auth_basic_user_file /etc/nginx/conf.d/kibana.htpasswd;
      proxy_pass http://192.168.1.5:5601;
      #proxy_connect_timeout 150;
      #proxy_send_timeout 100;
      #proxy_read_timeout 100;
      }
      }
  4. Restart Nginx
    1. sudo service nginx restart
  5. Go to the URL : http://192.168.1.5:8080, we should get a authentication screen on successful setup

  NOTE: In case if it doesn't work:


  1. Disable the selinux by running the command
    1. sudo setsebool -P httpd_can_network_connect 1


    2. sudo service nginx restart

at No comments:

Thursday, September 1, 2016

Getting started with Ansible

Ansible Demo

Installing Ansible on CentOS 7 Machine 1 (Eg IP: 192.168.56.101)

yum install -y ansible

Creating inventory file

$ mv /etc/ansible/hosts /etc/ansible/hosts.orig
$ vi /etc/ansible/hosts 

[web]
192.168.56.102 ansible_ssh_pass=<Password> ansible_ssh_user=<UserName>

Save this file with "!wq" command.

Creating Playbook file 

$vi SamplePlaybook.yml
---
- hosts: web
  tasks:
   - name: install apache
     yum: name=httpd state=latest
   - name: copy my indexfile
     template: src=/root/index.html dest=/var/www/index.html
     notify:
      - restart apache
   - name: ensure apache is running
     service: name=httpd state=started enabled=yes
  handlers:
  - name: restart apache
    service: name=httpd state=restarted


Save this file with "!wq" command.

Now execute this file using ansible playbook command:

$ ansible-playbook SamplePlaybook.yml

Output
----------------------------------------------------------------------------------


PLAY [web] *********************************************************************

TASK [setup] *******************************************************************
ok: [192.168.56.102]

TASK [install apache] **********************************************************
ok: [192.168.56.102]

TASK [copy my indexfile] *******************************************************
changed: [192.168.56.102]

TASK [ensure apache is running] ************************************************
changed: [192.168.56.102]

RUNNING HANDLER [restart apache] ***********************************************
changed: [192.168.56.102]

PLAY RECAP *********************************************************************
192.168.56.102             : ok=5    changed=3    unreachable=0    failed=0


at No comments:
Subscribe to: Comments (Atom)

Terraform Cheat Sheet [WIP]

Installing Terraform 

  • Storage Comparison
     
  • Route 53
      Route 53: It is managed DNS (Domain Name Service) DNS is a collection of rules & records which helps client to reach a server through ...
  • Terraform : Working with modules
    Terraform modules is the best way to reuse your terraform resources.  Create a following folder structure: terraform-app terraform-app/modul...